aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--ansible/odoo/README.md14
-rw-r--r--ansible/odoo/docker/Dockerfile10
-rw-r--r--ansible/odoo/docker/Makefile6
-rwxr-xr-xansible/odoo/docker/set-admin-passwd.sh15
-rw-r--r--ansible/odoo/group_vars/all/vault.yml22
-rw-r--r--ansible/odoo/odoo.yml25
-rw-r--r--ansible/odoo/restart.yml0
7 files changed, 85 insertions, 7 deletions
diff --git a/ansible/odoo/README.md b/ansible/odoo/README.md
new file mode 100644
index 0000000..b91871b
--- /dev/null
+++ b/ansible/odoo/README.md
@@ -0,0 +1,14 @@
+Creating new passwords:
+
+ > python
+ import passlib.hash
+ password = "123"
+ passlib.hash.pbkdf2_sha512.hash(password, rounds=25000)
+
+
+Testing passwords:
+
+ grep admin_password /etc/odoo/odoo.conf
+ mysalt = "gzDG.J.TkrKWstaa03qPEQ"
+ mypassword = "123"
+ passlib.hash.pbkdf2_sha512.hash(mypassword, salt=passlib.utils.binary.ab64_decode(mysalt), rounds=25000)
diff --git a/ansible/odoo/docker/Dockerfile b/ansible/odoo/docker/Dockerfile
new file mode 100644
index 0000000..130adea
--- /dev/null
+++ b/ansible/odoo/docker/Dockerfile
@@ -0,0 +1,10 @@
+FROM odoo:12
+
+RUN pip3 install phonenumbers
+COPY ./set-admin-passwd.sh /
+VOLUME ["/var/lib/odoo", "/mnt/extra-addons"]
+
+EXPOSE 8069 8072
+USER odoo
+ENTRYPOINT ["/set-admin-passwd.sh"]
+CMD ["odoo"]
diff --git a/ansible/odoo/docker/Makefile b/ansible/odoo/docker/Makefile
new file mode 100644
index 0000000..d399777
--- /dev/null
+++ b/ansible/odoo/docker/Makefile
@@ -0,0 +1,6 @@
+TAG=trygvis/odoo:12
+
+all:
+ docker pull odoo:12
+ docker build -t $(TAG) .
+ docker push $(TAG)
diff --git a/ansible/odoo/docker/set-admin-passwd.sh b/ansible/odoo/docker/set-admin-passwd.sh
new file mode 100755
index 0000000..4c363b1
--- /dev/null
+++ b/ansible/odoo/docker/set-admin-passwd.sh
@@ -0,0 +1,15 @@
+#!/bin/bash
+
+set -euo pipefail
+
+: ${ADMIN_PASSWD:=`< /dev/urandom tr -dc A-Za-z0-9 | head -c16; echo`}
+
+# /etc/odoo is owned by root, can't create new files.
+TMPFILE=$(mktemp)
+sed -e "/^admin_passwd/d" \
+ -e "$ a admin_passwd = $ADMIN_PASSWD" \
+ $ODOO_RC > $TMPFILE
+cat $TMPFILE > $ODOO_RC
+rm -f $TMPFILE
+
+exec /entrypoint.sh "${@}"
diff --git a/ansible/odoo/group_vars/all/vault.yml b/ansible/odoo/group_vars/all/vault.yml
new file mode 100644
index 0000000..51fc326
--- /dev/null
+++ b/ansible/odoo/group_vars/all/vault.yml
@@ -0,0 +1,22 @@
+$ANSIBLE_VAULT;1.1;AES256
+33376165656465643937383762303633323963333639363264336433333632663665383761303862
+3865383832383637343835333335666539636535353836310a383837623134306333323134366534
+31656331313934616432363965373866663563616361303531353139616133613266346237623330
+6365316338613965390a636336303734653961613964366532383735366536383132343165376338
+36333263313832376339356365613363326665363861653338333765613934626262323563393934
+33656437616134316132623665353330633838313262653831663665636138613538373330316664
+31306534623263386537363034313838303037643862663630336433666533316634393639343362
+34353862643162383337333163366538326466386534343133646565636565316632343964353533
+37393266336438613838346132306135363138666337366233303436643366646230643830393538
+37303830613662383363343330383966323661333761393237343361363265383065626238366363
+30353532346663613033373966623734636533623861333766663035316462326264333634303531
+33343934623034363731613966616631336330366364613961323266373739323461376264623737
+66316332643364633765303133623130613736643830666661623131366338663465333966306464
+61376463626636636437633266303534383634393039613364623262646562303439333239376133
+63666338366434363137633331343364353966303538336266363762666636343065373339353037
+35373933313664663632613935333535643530386364336563313764323665633934316365323331
+65663735366234336533306630383830366633383532373032663835613336613932373162613462
+35646134316462643936653631623537383036663361373437633561613334626133373136376530
+34383539363462613635376232363534653230643639323964613639303639363030316466333237
+32373539646566383937383761666462633937343435613631636261616137343766363235373139
+6235
diff --git a/ansible/odoo/odoo.yml b/ansible/odoo/odoo.yml
index 6897034..d018bf8 100644
--- a/ansible/odoo/odoo.yml
+++ b/ansible/odoo/odoo.yml
@@ -1,5 +1,12 @@
- hosts:
- numquam
+ vars:
+ container_name: odoo
+ docker_tag: trygvis/odoo:12
+ # Maximum allowed CPU time per request (default 60).
+ limit_time_cpu: 120
+ # Maximum allowed Real time per request (default 120).
+ limit_time_real: 500
tasks:
- become: yes
file:
@@ -17,25 +24,29 @@
[Service]
TimeoutStartSec=0
Restart=always
- ExecStartPre=-/usr/bin/docker stop odoo
- ExecStartPre=-/usr/bin/docker rm odoo
- ExecStartPre=/usr/bin/docker pull odoo
+ ExecStartPre=-/usr/bin/docker stop {{ container_name }}
+ ExecStartPre=-/usr/bin/docker rm {{ container_name }}
+ ExecStartPre=/usr/bin/docker pull {{ docker_tag }}
ExecStart=/usr/bin/docker run \
-e HOST=172.17.0.1 \
-e PORT=5432 \
-e USER=odoo \
-e PASSWORD=odoo \
+ -e ADMIN_PASSWD={{ admin_passwd }} \
-p 8069:8069 \
--mount source=odoo-data,target=/var/lib/odoo \
--mount source=odoo-extra-addons,target=/mnt/extra-addons \
- --name odoo -t \
- odoo \
+ -t \
+ --name {{ container_name }} \
+ {{ docker_tag }} \
--workers=5 \
--http-port=8069 \
--longpolling-port=8070 \
--email-from=odoo@trygvis.io \
--smtp=172.17.0.1 \
- --proxy-mode
+ --proxy-mode \
+ --limit-time-cpu={{ limit_time_cpu }} \
+ --limit-time-real={{ limit_time_real }} \
[Install]
WantedBy=multi-user.target
@@ -58,4 +69,4 @@
unit: docker.odoo.service
enabled: yes
state: restarted
- when: service_file.changed
+ when: service_file.changed or force_restart
diff --git a/ansible/odoo/restart.yml b/ansible/odoo/restart.yml
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/ansible/odoo/restart.yml